NETLMM Working Group V. Devarapalli (ed.)
Internet-Draft WiChorus
Intended status: Standards Track R. Koodli (ed.)
Expires: June 14, 2009 Starent Networks
H. Lim
N. Kant
Stoke
S. Krishnan
Ericsson
J. Laganier
DOCOMO Euro-Labs
December 11, 2008
Heartbeat Mechanism for Proxy Mobile IPv6draft-ietf-netlmm-pmipv6-heartbeat-02.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 14, 2009.
Abstract
Proxy Mobile IPv6 is a network-based mobility management protocol.
The mobility entities involved in the Proxy Mobile IPv6 protocol, the
Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA),
setup tunnels dynamically to manage mobility for a mobile node within
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 1]

Internet-Draft PMIPv6 Heartbeat Mechanism December 20081. Introduction
Proxy Mobile IPv6 [RFC5213] enables network-based mobility for IPv6
hosts that do not implement any mobility protocols. The protocol is
described in detail in [RFC5213]. In order to facilitate the
network-based mobility, the PMIPv6 protocol defines a Mobile Access
Gateway (MAG), which acts as a proxy for the Mobile IPv6 [RFC3775]
signaling, and the Local Mobility Anchor (LMA) which acts similar to
a Home Agent, anchoring a Mobile Node's sessions within a Proxy
Mobile IPv6 (PMIPv6) domain. The LMA and the MAG establish a
bidirectional tunnel for forwarding all data traffic belonging to the
Mobile Nodes.
In a distributed environment such as a PMIPv6 domain consisting of
LMA and MAGs, it is necessary for the nodes to 1) have a consistent
state about each others reachability, and 2) quickly inform peers in
the event of recovery from node failures. So, when the LMA restarts
after a failure, the MAG should (quickly) learn about the restart so
that it could take appropriate actions (such as releasing any
resources). When there are no failures, a MAG should know about
LMA's reachability (and vice versa) so that the path can be assumed
to be functioning.
This document specifies a heartbeat mechanism between the MAG and the
LMA to detect the status of reachability between them. This document
also specifies a mechanism to indicate node restarts; the mechanism
could be used to quickly inform peers of such restarts. The
heartbeat message is a mobility header message (protocol type 135)
which is periodically exchanged at a configurable threshold of time
or sent unsolicited soon after a node restart. This document does
not specify the specific actions (such as releasing resources) that a
node takes as a response to processing the heartbeat messages.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Heartbeat Mechanism
The MAG and the LMA exchange heartbeat messages every
HEARTBEAT_INTERVAL seconds to detect the current status of
reachability between them. The MAG initiates the heartbeat exchange
to test if the LMA is reachable by sending a Heartbeat Request
message to the LMA. Each Heartbeat Request contains a sequence
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 3]

Internet-Draft PMIPv6 Heartbeat Mechanism December 2008
number that is incremented monotonically. The sequence number on the
last Heartbeat Request message is always recorded by the MAG, and is
used to match the corresponding Heartbeat Response. Similarly, the
LMA also initiates a heartbeat exchange with the MAG, by sending a
Heartbeat Request message, to check if the MAG is reachable. The
format of the Heartbeat message is described in Section 3.3.
A Heartbeat Request message can be sent only if the MAG has at least
one proxy binding cache entry at the LMA for a mobile node attached
to the MAG. If there are no proxy binding cache entries at the LMA
for any of the mobile nodes attached to the MAG, then the heartbeat
message SHOULD NOT be sent. Similarly, the LMA SHOULD NOT send a
Heartbeat Request message to a MAG if there is no active binding
cache entry created by the MAG. A PMIPv6 node SHOULD always respond
to a Heartbeat Request message with a Heartbeat Response message,
irrespective of whether there is an active binding cache entry.
The HEARTBEAT_INTERVAL SHOULD NOT be configured to a value less than
30 seconds. Sending heartbeat messages too often may become an
overhead on the path between the MAG and the LMA. The
HEARTBEAT_INTERVAL can be set to a much larger value on the LMA, if
required, to reduce of burden of sending periodic heartbeat messages.
If the LMA or the MAG do not support the heartbeat messages, they
respond with a Binding Error message with status set to '2'
(unrecognized MH type value) as described in [RFC3775]. When the
Binding Error message with status set to '2' is received in response
to Heartbeat Request message, the initiating MAG or the LMA MUST NOT
use heartbeat messages with the other end again.
If a PMIPv6 node has detected that a peer PMIPv6 node has failed or
restarted without retaining the PMIPv6 session state, it should mark
the corresponding binding update list or binding cache entries as
invalid. The PMIPv6 node may also take other actions which are
outside the scope of this document.
3.1. Failure Detection
A PMIPv6 node, (MAG or LMA) matches every received Heartbeat Response
to the Heartbeat Request sent using the sequence number. Before
sending the next Heartbeat Request, it increments a local variable
MISSING_HEARTBEAT if it has not received a Heartbeat Response for the
previous request. When this local variable MISSING_HEARTBEAT exceeds
a configurable parameter MISSING_HEARTBEATS_ALLOWED, the PMIPv6 node
concludes that the peer PMIPv6 node is not reachable. If a Heartbeat
Response message is received, the MISSING_HEARTBEATS counter is
reset.
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 4]

Internet-Draft PMIPv6 Heartbeat Mechanism December 20083.2. Restart Detection
The section describes a mechanism for detecting failure recovery
without session persistence. In case the LMA or the MAG crashes and
re-boots and loses all state with respect to the PMIPv6 sessions, it
would be beneficial for the peer PMIPv6 node to discover the failure
and the loss of session state and establish the sessions again.
Each PMIPv6 node (both the MAG and LMA) MUST maintain a monotonically
increasing Restart Counter that is incremented every time the node
re-boots and looses PMIPv6 session state. The counter MUST NOT be
incremented if the recovery happens without losing state for the
PMIPv6 sessions active at the time of failure. This counter MUST be
stored in non-volatile memory. A PMIPv6 node includes a Restart
Counter mobility option, described in Section 3.4 in an Heartbeat
Response message to indicate the current value of the Restart
Counter. Each PMIPv6 node MUST also store the Restart Counter for
all the peer PMIPv6 nodes that it has sessions with currently.
Storing the Restart Counter values for peer PMIPv6 nodes does not
require non-volatile memory.
The PMIPv6 node that receives the Heartbeat Response message compares
the Restart Counter value with the previously received value. If the
value is different, the receiving node assumes that the peer PMIPv6
node had crashed and recovered. If the Restart Counter value changes
or if there was no previously stored value, the new value is stored
by the receiving PMIPv6 node.
If a PMIPv6 node restarts and looses PMIPv6 session state, it SHOULD
send an unsolicited Heartbeat Response message with an incremented
Restart Counter to all the PMIPv6 nodes that had previously
established PMIPv6 sessions. Note that this is possible only when
the PMIPv6 node stores information about the peers in non-volatile
memory. The unsolicited Heartbeat Response message allows the peer
PMIPv6 nodes to quickly discover the restart. The sequence number
field in the unsolicited Heartbeat Response is ignored and no
response to necessary; the nodes will synchronize during the next
Request and Response exchange.
3.3. Heartbeat Message
The following illustrates the message format for the Heartbeat
Mobility Header message. The 'MH Type' field in the Mobility Header
indicates that it is a Heartbeat message.
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 5]

Internet-Draft PMIPv6 Heartbeat Mechanism December 2008
Type
A 8-bit field that indicates that it is a Restart Counter mobility
option.
Length
A 8-bit field that indicates the length of the option in octets
excluding the 'Type' and 'Length' fields. It is set to '4'.
Restart Counter
A 32-bit field that indicates the current Restart Counter value.
4. Exchanging Heartbeat Messages over an IPv4 Transport Network
In some deployments, the network between the MAG and the LMA may not
be capable of transporting IPv6 packets. In this case, the Heartbeat
messages are tunneled over IPv4. If the Proxy Binding Update and
Proxy Binding Acknowledgment messages are sent using UDP
encapsulation to traverse NATs, then the Heartbeat messages are also
sent with UDP encapsulation. The UDP port used would be the same as
the port used for the Proxy Binding Update and Proxy Binding
Acknowledgement messages. For more details on tunneling Proxy Mobile
IPv6 signaling messages over IPv4, see
[I-D.ietf-netlmm-pmip6-ipv4-support].
5. Configuration Variables
The LMA and the MAG must allow the following variables to be
configurable.
HEARTBEAT_INTERVAL
This variable is used to set the time interval in seconds between
two consecutive Heartbeat Request messages. The default value is
60 seconds. It SHOULD NOT be set to less than 30 seconds.
MISSING_HEARTBEATS_ALLOWED
This variable indicates the maximum number of consecutive
Heartbeat Request messages that a PMIPv6 node can miss before
concluding that the peer PMIPv6 node is not reachable. The
default value for this variable is 3.
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 7]

Internet-Draft PMIPv6 Heartbeat Mechanism December 20086. Security Considerations
The heartbeat messages are just used for checking reachability
between the MAG and the LMA. They do not carry information that is
useful for eavesdroppers on the path. Therefore, confidentiality
protection is not required. Integrity protection using IPsec
[RFC4301] for the heartbeat messages MUST be supported on the MAG and
the LMA.
If dynamic key negotiation between the MAG and the LMA is required,
IKEv2 [RFC4306] should be used.
7. IANA Considerations
The Heartbeat message defined in Section 3.3 must have the type value
allocated from the same space as the 'MH Type' field in the Mobility
Header defined in RFC 3775 [RFC3775].
The Restart Counter mobility option defined in Section 3.4 must have
the type value allocated from the same space as the Mobility Options
defined in RFC 3775 [RFC3775].
8. Acknowledgments
A heartbeat mechanism for a network-based mobility management
protocol was first described in [I-D.giaretta-netlmm-dt-protocol].
The authors would like to thank the members of a NETLMM design team
that produced that document. The mechanism described in this
document also derives from the path management mechanism described in
[GTP].
We would like to thank Alessio Casati for first suggesting a fault
handling mechanism for Proxy Mobile IPv6.
9. References9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5213] Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.
[I-D.ietf-netlmm-pmip6-ipv4-support]
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 8]

Internet-Draft PMIPv6 Heartbeat Mechanism December 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Devarapalli (ed.), et al. Expires June 14, 2009 [Page 11]